Where a single repository of data is shared by many users, a client-server architecture may be employed. Referring now to FIG. 1, four computers 110, 112, 114, 116 arranged using a client-server architecture are illustrated. In a client-server architecture, a server 110 is used to access a data repository storage device 102 that stores the data that is shared among the clients 112, 114, 116. Users of the client-server system 100 use a client 112, 114 or 116 to communicate with the server 110 to access the shared data stored in the storage device 102. Clients 112, 114, 116 do not have direct access to the data in the storage device 102, but may request that the server 110 perform actions such as performing retrievals using queries, or adding to or changing the data stored in the storage device 102.
Each client 112, 114, 116 is coupled to the server 110 by a connection 122, 124, 126 between the clients 112, 114, 116 and the server 110. Each connection 122, 124, 126 may be physically separate as shown in FIG. 1, or may be shared using a local area network, or LAN. Ports 142, 144, 146 and associated cabling connected to each of the clients 112, 114, 116 provide the OSI layers 1 and 2 connectivity to the ports 132, 134, 136 of the server 110. If the server 110 will communicate with each client 112, 114, 116 over a LAN, a single LAN interface port may physically replace ports 132, 134, 136, and ports 132, 134, 136 are treated as logical ports.
Referring now to FIG. 2, the conventional server 110 of FIG. 1 is shown in more detail. A server 110 may be built from conventional server software 210 that runs using a conventional operating system 212 on a conventional computer system. A SparcCenter 2000 running the Solaris operating system commercially available from Sun Microsystems of Mountain View, Calif. is one computer system and operating system that may be used, among others. Server software 210 may be conventional database server software such as the Oracle7 product commercially available from Oracle Corporation of Redwood Shores, Calif., or other types of server software.
Referring now to FIGS. 1 and 2, each client 112, 114, 116 communicates with the server 110 by establishing a connection 122, 124 or 126 between the respective client 112, 114 or 116 and the server 110. Each connection 122, 124, 126 is established through conventional data communications means, controlled on the server 110 by the server operating system 212. Each client 112, 114, 116 may establish and maintain one or more simultaneous connections to the server 110 depending on the capabilities of the operating system 212 and the physical capabilities of each client 112, 114, 116 and the server 110. When a connection is established, conventional server software 210 establishes a process to handle communications over the connection and to execute commands received, and maintains information about the process during the period in which the connection is maintained. The process is associated with the port 132, 134 or 136 that was used to establish the session, and all communications received from that port 132, 134 or 136 are routed to that process by the operating system 212, the server software 210 or both.
To allow a user to access the data in the server 110 from any client 112, 114, 116, the user establishes a session with the server 110, by identifying himself to a client 112, 114 or 116, for example, by using a user identifier and password. The client 112, 114 or 116 passes this information to the server 110. Using its software 210, the server 110 checks an access table 218 maintained by a database administrator for validity of the user identifier and password, and if valid, a session is established by the server 110. For each port 132, 134, 136 over which a process of the server software 210 and a session of the user has been established, the server 110 maintains data about the session in a session data storage 232, 234 or 236 in a storage device such as a memory or hard disk. The session data storage 232, 234 or 236 may contain the user identifier and state information for the database, such as instances of object types, language and character set data, statistics about resource usage for the session, storage for cursors and variables and other information. Subsequent commands received by the process over a port 132, 134, 136 are assumed by the server 110 to come from the user that last established a session via that port until such session is terminated. In this manner, the session, process and port 132, 134 or 136 are associated with each other. The process looks to the data in the session data storage 232, 234 or 236 corresponding to the process to execute the commands it receives. When the user logs out, the process is terminated and other users may log into the server using the same port as was previously used, establish a connection, process and session on the server 110 and send commands to the server 110 for execution.
The server software 210 may limit access to the information it serves based on the user identifier stored in the session data storage 232, 234 or 236 corresponding to the process accepting the command. For example, a user of conventional database server software 210 may have no access to one set of data, read-only access to a second set of data, and read and write access to a third set of data. The server software 210 manages the access to the data stored in the storage device 102 by comparing the user identifier stored in the session data storage 232, 234 or 236 for the process with data stored in an access table 218 defined and maintained by a database administrator that identifies to which data each user or groups of users have access, and the type of access, read only or read and write access.
Each connection 122, 124 or 126 between the server 110 and the clients 112, 114 or 116 requires resources on the server 110 such as memory to manage the process and the connection 122, 124 or 126 associated with the session. Even a user that maintains a session without requesting the server to perform any action uses these resources. In order to conserve these resources, some conventional operating systems 212 running in the computer that runs the server software 210 impose a limit on the number of connections 122, 124, 126 that may be simultaneously maintained. Other conventional operating systems 212 may not impose a limit on the number of such connections 122, 124, 126, but a large number of connections 122, 124, 126 over which sessions are established can hinder the other processes on the server 110 which have to run using the remaining resources.
Some users that do not perform many transactions with the server 110 may wish to have the client 112, 114, 116 that they use continuously maintain a session with the server 110 even during periods during which they will not be communicating with the server 110, because it is cumbersome or expensive to establish a connection with the server 110, thus establishing the session takes time and resources that the user may wish to expend no more than once each day. Because such users utilize resources of the server 110 maintaining the session and the associated process and connection, they may either prevent other users from accessing the limited number of connections allowed by the operating system 212, or needlessly tie up resources of the server 110, reducing resources available to the other active or potential users of the server 110.
TP monitors have been developed to allow more users to use a server 110 than the number of connections established with the server 110. Referring now to FIGS. 1, 2 and 3, the system 100 of FIG. 1 is shown with a TP monitor 310 connected between the clients 112, 114, 116 and the server 110 using ports 338 and 332, 334, 336. The TP monitor 310 acts to the server 110 like one or more clients and acts to the clients 112, 114, 116 like one or more servers, allowing its insertion between the clients 112, 114, 116 and the server 110 without modification of the clients 112, 114, 116 or the server 110. The TP monitor 310 establishes one or more sessions with the server 110 with full security access privileges using a user identifier and password of the TP monitor 310. Each of these sessions is therefore "owned" by the TP monitor 310. The TP monitor 310 receives queries or other server command from the clients 112, 114, 116, passes the query or command to the server 110 over one of its connections 328 to the server 110, accepts any results of the query or command from the server 110 and passes the results to the initiating client 112, 114 or 116. Because the TP monitor 310 is capable of switching the commands received from the clients 112, 114, 116 over a smaller number of connections with the server 110, the TP monitor can be connected to more clients 112, 114, 116 than the number of connections it occupies on the server 110, overcoming the limitations of the number of server connections and reducing the resources of the server 110 that would otherwise be required to maintain individual connections to all of the clients 112, 114, 116. In FIG. 3, a single connection 328 on the server 110 may handle commands from all three clients 112, 114, 116.
However, because the TP monitor 310 must have security privileges on the server 110 for at least all of the clients 112, 114, 116 from which it may receive commands, and the connection is "owned" by the TP monitor 310, the server 110 is never informed of the identity of the user of the client 112, 114 or 116 that sent the command the server 110 receives. Thus, the server 110 is unable to restrict data access according to the identity of the user.
The TP monitor 310 may itself perform the security functions that were performed by the server 110. The TP monitor 310 may perform these functions by requiring the user to establish a session with the TP monitor 310 similar to the procedure for establishing a session with the server described above. Because the TP monitor 310 is aware of the user identifier of the user that sends any command, the TP monitor 310 can maintain its own data access table and refuse to pass to the server 110 a query or other command sent by a user without the proper access privileges. However, because there may be numerous TP monitors 310 coupled to each server 110, administration of security access can be made more complex than the centralized approach of administering security on the server 110. In addition, the TP monitor 310 may not be able to provide all of the security features of the server 110. Furthermore, when new security features become available on the server 110, the owner of the system 100 is required to update the software in the TP monitor 310 to gain access to these new features if such features can be obtained from the TP monitor 310 at all.
It is desirable to allow more users to use the server 110 than connections to the server 110 in a manner that maintains to the server 110 the identity of the user.